I am desperately trying to get access to the local WIFI network, it fails with the message
“(wlan0): Activation: (wifi) access point ‘AltiboxXXXXX’ has security, but secrets are required”
Since there are secrets missing, I suppose it may relate to KWallet, which is not installed.
However, what kind of secrets are referenced is a secret to me.
I would also like to mention that my cable connection works (but is two floors away from my office).
Suggestions are very welcome.
Jan Christian
Please mention which “Network Setup Method” you’re using: ‘Network Manager’ or ‘Wicked’?
Please be aware that, ‘Network Manager’ is the preferred setup method for boxes with a WLAN interface …
[HR][/HR]Please also be aware that, if you’re using KDE, then a password storage (KWallet) is the preferred method to store the WLAN access keys (“secrets”) …
The KWallet documentation is here: <https://docs.kde.org/stable5/en/kdeutils/kwallet5/index.html>.
You forgot one option: Use the kwallet / pam option, i.e. unlock the wallet at user login.
I am using NetworkManager.
I wrote in my post “… I suppose it may relate to KWallet, which is not installed” (underscore added here).
When there is an update to 42.3, I have noticed that on some occasions,wlan0 will fail,
rebooting has until now solved the problem.
RGDS,
Jan Christian
How Network Manager behaves without access to password vault such as “KWallet” is something I have never, ever, attempted – therefore my suggestion is, to (re)install KWallet …
You’ll also to need to install the package “pam_kwallet” if you want to use PAM to unlock KWallet at login – the usual method to access the WLAN keys if you’ve chosen to use a wallet with GPG encryption: a “how to” is here: <https://nwrickert2.wordpress.com/2018/04/14/using-pam_kwallet-with-opensuse/>.
How Network Manager behaves without access to password vault such as “KWallet” is something I have never, ever, attempted -- therefore my suggestion is, to (re)install KWallet …
I have lived happily without KWallet for x years, and have no interest in reinstalling it again, for security reasons, I would not use it for storing PWs.
What is a ‘secret’, and what part of the system triggers the request for it?
RGDS,
Jan Christian
Security ? Without something like kwallet network secrets ( credentials/passphrase ) are stored in plain text format. But, this can be considered a matter of opinion and personal preferences, so let’s keep this out of the discussion.
AFAIK wpa_supplicant should deal with the ‘secrets’.
It’s very likely that the referenced “secrets” is your WiFi password.
Since you’re using NM,
Have you set up your Network Connection with your WiFi password?
Without looking too deeply at how your password is stored if you’re not using Kwallet, initially you should assume it’s being stored in a way that NM can access it.
If necessary, delete and re-make your connection.
Close your NM connection setup when completed.
And, although probably not necessary restart your network service for good measure with the following command
systemctl restart network
TSU
I have a) set up my Network Connection with ESSID and WiFi password, b) checked my system (Leap 42.3) for ‘KWALLET’, ‘kwallet’, … : no trace of it,
c) restarted the system by systemctl… and reboot x times (as you may guess, without success).
Full message
systemctl status NetworkManager
● NetworkManager.service - Network Manager
Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; disabled; vendor preset: disabled)
Active: **active (running)** since to. 2018-10-25 12:32:03 CEST; 8s ago
Main PID: 8452 (NetworkManager)
Tasks: 4 (limit: 512)
CGroup: /system.slice/NetworkManager.service
└─8452 /usr/sbin/NetworkManager --no-daemon
okt. 25 12:32:09 linux-k801.site NetworkManager[8452]: <info> NetworkManager state is now CONNECTING
okt. 25 12:32:09 linux-k801.site NetworkManager[8452]: <info> (wlan0): device state change: prepare -> config (reason 'none') [40 50 0]
okt. 25 12:32:09 linux-k801.site NetworkManager[8452]: <info> (wlan0): Activation: (wifi) access point 'AltiboxXXXXXX' has security, but secrets are required.
okt. 25 12:32:09 linux-k801.site NetworkManager[8452]: <info> (wlan0): device state change: config -> need-auth (reason 'none') [50 60 0]
okt. 25 12:32:09 linux-k801.site NetworkManager[8452]: **<warn> (wlan0): No agents were available for this request.**
okt. 25 12:32:09 linux-k801.site NetworkManager[8452]: <info> (wlan0): device state change: need-auth -> failed (reason 'no-secrets') [60 120 7]
okt. 25 12:32:09 linux-k801.site NetworkManager[8452]: <info> NetworkManager state is now DISCONNECTED
okt. 25 12:32:09 linux-k801.site NetworkManager[8452]: **<warn> (wlan0): Activation: failed for connection 'AltiboxXXXXXX'**
okt. 25 12:32:09 linux-k801.site NetworkManager[8452]: <info> (wlan0): device state change: failed -> disconnected (reason 'none') [120 30 0]
okt. 25 12:32:09 linux-k801.site NetworkManager[8452]: <info> startup complete
What I need, are some suggestions re what to look for / do. Your efforts would - as always be - greatly appreciated.
Jan Christian
How is this AP configured, for a simple shared password or 802.11x or something else?
And, is this your own AP or is it managed by someone else?
TSU
The password is 802.11x, it is not managed by someone else, it functioned until crash. Crash happened after saying ‘yes’ to proposed update.
Have you tried recreating the connection? Is it defined as a system-connection (available to all users)? I would be interested in seeing how it is defined in the /etc/NetworkManager/system-connections/ directory, (you can obfuscate the authentication details of course).
FWIW, there is a Network Manager bug affecting TW that seems to be impacting those using connections configured to start automatically, where ‘No agents were available for this request.’ is reported because NM tries to connect before the desktop agent is available. For a connection where secrets are stored unencrypted in the connection profile, I wouldn’t expect this to be a problem, but maybe there is some kind of NM regression at play here.
@deano_ferrari:
This is also, currently, happening with my Leap 15.0 Laptop – I have scripts which turn off the WLAN radio when I logout and ensure the radio is still “off” when I login – I enable the WLAN (if needed) after the KDE session «with KWallet ‘secrets’» is up and running …
Sorry, if there is any confusion I meant 802.1x, not “802.11” – They are very different.
Compared to the typical “WPA shared secret” configuration, 802.1x is much more complex.
If an 802.1x connection, then you need to provide a certificate or its equivalent and specify the encryption method(often but not always MS-CHAP).
These are things you should know if you manage your AP, and you need to set up NM accordingly.
TSU
Here is the system-connections file:
[connection]
id=Altibox091374
uuid=39692fcf-54e5-4312-a1cd-4ce3bc037298
type=wifi
permissions=user:xxx:;
secondaries=
[wifi]
mac-address=xx:xx:xx:6C:32:07
mac-address-blacklist=
mode=infrastructure
seen-bssids=
ssid=Altibox091374
[wifi-security]
auth-alg=open
group=
key-mgmt=wpa-psk
pairwise=
proto=
psk-flags=1
[ipv4]
dns-search=
method=auto
[ipv6]
dns-search=
method=auto
.config]
enable=nm-version:1.12.2
It is nice having you (and others) trying to help. Question: What can I do helping me helping you?
Jan Christian
Ok, I can see that you have this connection configured for one user, ‘auto-connect’ is being used, and the “autauth-alg=open” key (authentication algorithm required by the AP) is configured for an “open system”. The “key-mgmt=wpa-psk” key shows that WPA PSK is in use. However, the ‘psk-flags=1’ indicates to me that you are storing the secrets in an encrypted file (with a password manager). I would have expected that they would be listed here (although obfuscated here of course). Try redefining the connection and store the secrets unencrypted.
It is nice having you (and others) trying to help. Question: What can I do helping me helping you?
Jan Christian
That’s what the forums are about - users helping each other via there shared common interest of Linux! The idea is to share knowledge and time to provide support where able. You may be able to help others struggling with other technical issues.
The pasword setup worked for some 5 years at least and has been checked, nothing has changed in the setup.
I get that, but I thought you were explicitly storing it unencrypted ie within the connection profile file itself. Otherwise, NM does rely on using an external agent, and so it appears you’re impacted by some regression here (which is why I posted a link to a recent bug report). I’m trying to encourage you to try editing the connection and store the secrets unencrypted in the root-owned NM connection profile. That might work as a workaround. Apologies if I’m on the wrong track here.
In addition to deano_ferrari’s explanation:
Open Source isn’t a “bunch of amateurs playing around with ‘non-licensed’ software”: it’s a serious attempt to promote, rather than hinder, the progress of technology by avoiding unnecessary duplication of system programming …
Therefore, you’re helping this effort by posing questions relating to issues and problems you’re experiencing while using Open Source applications …
People such as my (not so humble) self, are committed to doing whatever we can to “keep the Open Source wagon rolling” …